Symantec Access Management

Tech Tip : CA Single Sign-On : BackwardCompatibleMode atribute in Unix sm.registry file of Siteminder SSO v12.52 

  • 1.  Tech Tip : CA Single Sign-On : BackwardCompatibleMode atribute in Unix sm.registry file of Siteminder SSO v12.52 

    Broadcom Employee
    Posted Jun 15, 2018 06:47 AM

    Question:


    We're migrating a test environment with two backend Policy Servers
    12.52, to 12.7. The operating system is Red Hat 6.8 and
    documentation talks about adding the attribute BackwardCompatibleMode
    while migrating versions to avoid agent key update rollover problem.

    The question is that, when reading the "sm.registry" file of Policy
    Server, it has windows registry format and don't know how to add this
    value at unix file. We have searched knowledge and communities and
    found this tip

    https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2017/12/04/tech-tip-ca-single-sign-on-policy-serveran-agent-change-key-command-was-received-that-contained-a-set-of-null-keys


    but it's not solving the problem.

    Can you help us in how to add this value at sm.registry file over unix
    operating system?

     

    Answer:

     

    The syntax should be :
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer BackwardCompatibleMode= 0x1; REG_DWORD

    Note that this registry setting is available only from Policy Server 12.7


    KB : KB000101652